PDF malware analysis — malicious · 7e896b85d11ae446

MALICIOUS

PDF

52.5 KB Created: 2020-08-12 23:02:54 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)

MD5: 81cf7a2d80cec894567a6b1bd5b3353b SHA-1: 6380f9dd5e2bec8e17b2bbcdbcd2cabc4344def8 SHA-256: 7e896b85d11ae446986c773f8b4c1beee49390fa8cb61ca00c787dc838bc06c6

120 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF file contains a lure related to a 'tnpsc group 2 new syllabus 2019 pdf in tamil' and embeds a link that redirects to malicious infrastructure. The heuristic PDF_MALICIOUS_REDIRECTOR_LINK confirms this redirection to a known malicious domain. The PDF also contains a link farm, suggesting an attempt to manipulate search engine results or distribute further malicious content.

Heuristics 3

PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK

PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM

Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://ttraff.com/wb?keyword=tnpsc%20group%202%20new%20syllabus%202019%20pdf%20in%20tamil
- http://files.genesiscarconcepts.com/uploads/1/3/0/7/130776511/mosenezazewarig.pdf
- http://files.roxytheatreactiongroup.com/uploads/1/3/1/3/131380717/b7e1d56045b8.pdf
- http://tulisuxi.sumiestore.com/uploads/1/3/2/6/132681579/3042245.pdf
- https://cdn.shopify.com/s/files/1/0435/0961/2712/files/giwoladamugolovu.pdf
- https://cdn.shopify.com/s/files/1/0429/3296/1443/files/9645812696.pdf
- https://cdn.shopify.com/s/files/1/0428/6650/7942/files/49321169088.pdf
- https://cdn.shopify.com/s/files/1/0434/4214/3388/files/wesixunubuxutiwuxutex.pdf
- https://cdn.shopify.com/s/files/1/0430/3136/3747/files/38744542847.pdf
- https://cdn.shopify.com/s/files/1/0430/8615/1833/files/klimaschutzpaket_bundesregierung.pdf
- https://cdn.shopify.com/s/files/1/0430/2965/9797/files/voxunimadikowadumuralifar.pdf
- https://cdn.shopify.com/s/files/1/0431/0119/2352/files/61461175639.pdf
- https://cdn.shopify.com/s/files/1/0435/6639/9647/files/kadum.pdf
- https://cdn.shopify.com/s/files/1/0436/3331/1904/files/zujuzovunu.pdf
- https://cdn.shopify.com/s/files/1/0430/6917/8017/files/gezurisanorinogali.pdf
- https://cdn.shopify.com/s/files/1/0429/3427/2159/files/zolaxijabesuzogozew.pdf
- https://cdn.shopify.com/s/files/1/0433/9892/2392/files/bimapara.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off000075ab.bin` `ab894946a8ed24326a72ce55310587e354d22369b6a579d170b42c94c3369a87`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x75AB	6240 bytes
`font_01_sfnt_off00008adb.bin` `7e9ce197ca066c818b9d4a69c96f51d8ca00a0a5bb186669db955abe4907ab63`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x8ADB	8840 bytes
`font_02_sfnt_off0000a1cd.bin` `3799063cb055da62c91ef93e97d1b13b967f8ea172a0dc60525fef52dbb5cbaf`	pdf-font-stream	PDF embedded font (sfnt) at offset 0xA1CD	10196 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.